MYST 355: limit openvpn client reconnects #167
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -60,6 +60,13 @@ func (c *Config) SetTLSCrypt(cryptFile string) { | |
c.AddOptions(OptionFile("tls-crypt", cryptFile)) | ||
} | ||
|
||
func (c *Config) SetReconnectLimits() { | ||
c.setParam("connect-retry-max", "2") | ||
Is it ok, that we throw such parameters server->client.

I believe no. At least not in here. This is just openvpn related. True connect / reconnect attempts should go from tequila api. Failure to connect should probably mean either real connectivity issues or failed auth due to state / outdated auth procedure in dialog stage.
||
c.setParam("remap-usr1", "SIGTERM") | ||
c.setFlag("single-session") | ||
c.setFlag("tls-exit") | ||
Some of the params don't seem to be used for reconnection limit, which is the purpose of this method. I.e.

I use limit in a broader sense, not a number, but a limitation, not to reconnect.

And these are parameters that enforce that limitation.

I don't quite understand what you meant here - anyways, documentation for this method is missing - maybe documenting this would explain what broader sense you have?
||
} | ||
|
||
func (c *Config) SetKeepAlive(interval, timeout int) { | ||
c.setParam("keepalive", strconv.Itoa(interval)+" "+strconv.Itoa(timeout)) | ||
} | ||
|
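Review bot: SetReconnectLimits has no doc comment, and only connect-retry-max in its body is a retry limit; remap-usr1 SIGTERM, single-session and tls-exit instead change how the client process behaves on a restart signal or a TLS failure. Add a comment stating what each of the four options is for, choose a name that covers all of them, and consider taking the retry count as an argument rather than the hard-coded "2", the way SetKeepAlive(interval, timeout int) takes its values.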
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -40,6 +40,7 @@ func NewClientConfig( | |
config.SetClientMode(remote, 1194) | ||
config.SetTLSCACertificate(caCertPath) | ||
config.SetTLSCrypt(tlsCryptKeyPath) | ||
config.SetReconnectLimits() | ||
If number

intuitively I want to pass parameters to a function that has a

Restrict prob better term here. Will rename.
||
|
||
config.SetDevice("tun") | ||
config.setParam("cipher", "AES-256-GCM") | ||
|
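Review bot: config.SetReconnectLimits() is called with no arguments in NewClientConfig, so every client config gets the same fixed settings and the call site does not say what is being limited or to what value. If the values are meant to be fixed, add a short comment here saying so; otherwise pass them in as arguments, the way SetClientMode(remote, 1194) receives its values.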
If we return error when we are unable to find country in database, using country detector would be much easier - if error was not returned, that means country was returned :)
This doesn't have to be solved in this PR, but since you're adding such case, we can add a TODO just to track this :)

return errors.New("unknown country for IP: x.x.x")